1
Fork 0
mirror of https://github.com/Steffo99/sophon.git synced 2024-12-22 14:54:22 +00:00

🐛 Properly return 401 in custom actions

This commit is contained in:
Steffo 2021-10-29 01:15:20 +02:00
parent 363d1568b1
commit 154d187b11

View file

@ -262,6 +262,9 @@ class ResearchGroupViewSet(WriteSophonViewSet):
"""
group = models.ResearchGroup.objects.get(pk=pk)
if self.request.user.is_anonymous:
return Response(status=s.HTTP_401_UNAUTHORIZED)
# Raise an error if the group doesn't allow member joins
if group.access != "OPEN":
return Response(status=s.HTTP_403_FORBIDDEN)
@ -283,6 +286,9 @@ class ResearchGroupViewSet(WriteSophonViewSet):
"""
group = models.ResearchGroup.objects.get(pk=pk)
if self.request.user.is_anonymous:
return Response(status=s.HTTP_401_UNAUTHORIZED)
# Raise an error if the user is the owner of the group
if self.request.user == group.owner:
return Response(status=s.HTTP_403_FORBIDDEN)